Detecting and Reacting against Distributed Denial of Service Attacks

Bouzida, Yacine; Cuppens, Frédéric; Gombault, Sylvain

doi:10.1109/icc.2006.255128

Cited by 20 publications

(11 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[3] illustrates a number of DDoS detection models and a message protocol IDMEF defined by the IETF for coordinative detection of DDoS attacks. [4] proposes a statistical model to detect DDoS attacks and is based on a non-Gaussian modeling of traffic marginals.…”

Section: Associated Workmentioning

confidence: 99%

A Proactive Statistical Defense Solution for DDOS Attacks in Active Networks

Jayashree

Easwarakumar

Anandharaman

et al. 2008

2008 First International Conference on Emerging Trends in Engineering and Technology

View full text Add to dashboard Cite

A Distributed Denial of Service attack is coordinated and synchronized set of comprehensive attacks on a sophisticated network and its services that hampers the network infrastructure thereby bringing down its performance. Its effects are characterized by the uninformed delays and interruptions accompanied by undue losses. Since no optimal methodology exists, the internet continues to remain susceptible to DDoS attacks. The PacketScore scheme is a practical DDoS defense mechanism, which approximates the authenticity of the packets concerning its attribute values and discards selective attack packets. This paper extends the PacketScore scheme and implements a new two-level filtering mechanism using Leaky Bucket that can lessen the losses created by the attacks. The proposed scheme validates the data signatures of the packets complementing the check performed on the packet header. This two-level scrutiny enhances the correctness of detection of DDoS attacks. A standard model to review the efficiency of the two-level filtering has been proposed and the scheme has been deployed and tested in ANTS active network tool kit. The implementation of the proposed scheme is easy let alone efficient and effective in DDoS attack detection with an accurate response to varying DDoS attacks.

show abstract

Section: Associated Workmentioning

confidence: 99%

A Proactive Statistical Defense Solution for DDOS Attacks in Active Networks

Jayashree

Easwarakumar

Anandharaman

et al. 2008

2008 First International Conference on Emerging Trends in Engineering and Technology

View full text Add to dashboard Cite

show abstract

“…This had lead corporations and businesses in general, to earn huge profits. One of the most serious threats to these organizations, comes in the form of a Denial-of-Service (DoS) and its larger counterpart Distributed Denial-of-Service (DDoS) attack [5] [6]. The two main objectives of these attacks are, to exhaust computer resources (CPU time, Network bandwidth) so that it makes services unavailable to legitimate users.…”

Section: Introductionmentioning

confidence: 99%

Protecting web services with Service Oriented Traceback Architecture

Chonka

Zhou

Xiang

2008

2008 8th IEEE International Conference on Computer and Information Technology

View full text Add to dashboard Cite

Service Oriented Architecture (SOA) is a way of reorganizing software infrastructure into a set of service abstracts. In the area of applying SOA to Web Service Security, there have been some well defined security dimensions. However, current Web Security Systems, like WS-Security are not efficient enough to handle Distributed Denial of Service (DDoS) attacks. Our new approach, Service Oriented Traceback Architecture (SOTA), provides a framework to be able to identify the source of an attack. This is accomplished by deploying our defence system at distributed routers, in order to examine the incoming SOAP messages and place our own SOAP header. By this method, we can then use the new SOAP header information, to traceback through the network the source of the attack. According to our experimental performance evaluations, we find that SOTA is quite scaleable, simple and quite effective at identifying the source.

show abstract

“…Such attacks usually need to inject high-rate flows in order to keep buffers full at all times, and starve legitimate flows. These high-rate attacks, though harmful to the network, are easily detected by the DoS traffic pattern monitors and neutralized [1], [2]. Any DoS attack that manages to degrade the performance of the system through low-rate flow injections is more dangerous as it remains undetected.…”

Section: Introductionmentioning

confidence: 99%

Denial of Service Attacks in Networks with Tiny Buffers

Havary-Nassab

Koulakezian

Ganjali³

2009

IEEE INFOCOM Workshops 2009

View full text Add to dashboard Cite

Abstract-Recently, several papers have studied the possibility of shrinking buffer sizes in Internet core routers to just a few dozen packets under certain constraints. If proven right, these results can open doors to building all-optical routers, since a major bottleneck in building such routers is the lack of large optical memories. However, reducing buffer sizes might pose new security risks: it is much easier to fill up tiny buffers, and thus organizing Denial of Service (DoS) attacks seems easier in a network with tiny buffers. To the best of our knowledge, such risks have not been studied before; all the focus has been on performance issues such as throughput, drop rate, and flow completion times.In this paper, we study DoS attacks in the context of networks with tiny buffers. We show that even though it is easier to fill up tiny buffers, synchronizing flows is more difficult. Therefore to reduce the network throughput, the attacker needs to utilize attacks with high packet injection rates. Since such attacks are easily detected, we conclude that DoS attacks are in fact more difficult in networks with tiny buffers.

show abstract

Detecting and Reacting against Distributed Denial of Service Attacks

Cited by 20 publications

References 10 publications

A Proactive Statistical Defense Solution for DDOS Attacks in Active Networks

A Proactive Statistical Defense Solution for DDOS Attacks in Active Networks

Protecting web services with Service Oriented Traceback Architecture

Denial of Service Attacks in Networks with Tiny Buffers

Contact Info

Product

Resources

About